1 /******************************************************************************
2 *
3 * Copyright 1999-2012 Broadcom Corporation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 *****************************************************************************/
18
19 /******************************************************************************
20 *
21 * This file contains functions for the SMP L2CAP utility functions
22 *
23 ******************************************************************************/
24 #include "bt_target.h"
25
26 #include <ctype.h>
27 #include <string.h>
28 #include "bt_types.h"
29 #include "bt_utils.h"
30 #include "btm_ble_api.h"
31 #include "device/include/controller.h"
32 #include "hcidefs.h"
33 #include "l2c_api.h"
34 #include "osi/include/log.h"
35 #include "osi/include/osi.h"
36 #include "smp_int.h"
37 #include "stack/btm/btm_ble_int.h"
38 #include "stack/include/acl_api.h"
39 #include "stack/include/stack_metrics_logging.h"
40
41 #define SMP_PAIRING_REQ_SIZE 7
42 #define SMP_CONFIRM_CMD_SIZE (OCTET16_LEN + 1)
43 #define SMP_RAND_CMD_SIZE (OCTET16_LEN + 1)
44 #define SMP_INIT_CMD_SIZE (OCTET16_LEN + 1)
45 #define SMP_ENC_INFO_SIZE (OCTET16_LEN + 1)
46 #define SMP_CENTRAL_ID_SIZE (BT_OCTET8_LEN + 2 + 1)
47 #define SMP_ID_INFO_SIZE (OCTET16_LEN + 1)
48 #define SMP_ID_ADDR_SIZE (BD_ADDR_LEN + 1 + 1)
49 #define SMP_SIGN_INFO_SIZE (OCTET16_LEN + 1)
50 #define SMP_PAIR_FAIL_SIZE 2
51 #define SMP_SECURITY_REQUEST_SIZE 2
52 #define SMP_PAIR_PUBL_KEY_SIZE (1 /* opcode */ + (2 * BT_OCTET32_LEN))
53 #define SMP_PAIR_COMMITM_SIZE (1 /* opcode */ + OCTET16_LEN /*Commitment*/)
54 #define SMP_PAIR_DHKEY_CHECK_SIZE \
55 (1 /* opcode */ + OCTET16_LEN /*DHKey \
56 Check*/)
57 #define SMP_PAIR_KEYPR_NOTIF_SIZE (1 /* opcode */ + 1 /*Notif Type*/)
58
59 /* SMP command sizes per spec */
60 static const uint8_t smp_cmd_size_per_spec[] = {
61 0,
62 SMP_PAIRING_REQ_SIZE, /* 0x01: pairing request */
63 SMP_PAIRING_REQ_SIZE, /* 0x02: pairing response */
64 SMP_CONFIRM_CMD_SIZE, /* 0x03: pairing confirm */
65 SMP_RAND_CMD_SIZE, /* 0x04: pairing random */
66 SMP_PAIR_FAIL_SIZE, /* 0x05: pairing failed */
67 SMP_ENC_INFO_SIZE, /* 0x06: encryption information */
68 SMP_CENTRAL_ID_SIZE, /* 0x07: central identification */
69 SMP_ID_INFO_SIZE, /* 0x08: identity information */
70 SMP_ID_ADDR_SIZE, /* 0x09: identity address information */
71 SMP_SIGN_INFO_SIZE, /* 0x0A: signing information */
72 SMP_SECURITY_REQUEST_SIZE, /* 0x0B: security request */
73 SMP_PAIR_PUBL_KEY_SIZE, /* 0x0C: pairing public key */
74 SMP_PAIR_DHKEY_CHECK_SIZE, /* 0x0D: pairing dhkey check */
75 SMP_PAIR_KEYPR_NOTIF_SIZE, /* 0x0E: pairing keypress notification */
76 SMP_PAIR_COMMITM_SIZE /* 0x0F: pairing commitment */
77 };
78
79 static bool smp_parameter_unconditionally_valid(tSMP_CB* p_cb);
80 static bool smp_parameter_unconditionally_invalid(tSMP_CB* p_cb);
81
82 /* type for SMP command length validation functions */
83 typedef bool (*tSMP_CMD_LEN_VALID)(tSMP_CB* p_cb);
84
85 static bool smp_command_has_valid_fixed_length(tSMP_CB* p_cb);
86
87 static const tSMP_CMD_LEN_VALID smp_cmd_len_is_valid[] = {
88 smp_parameter_unconditionally_invalid,
89 smp_command_has_valid_fixed_length, /* 0x01: pairing request */
90 smp_command_has_valid_fixed_length, /* 0x02: pairing response */
91 smp_command_has_valid_fixed_length, /* 0x03: pairing confirm */
92 smp_command_has_valid_fixed_length, /* 0x04: pairing random */
93 smp_command_has_valid_fixed_length, /* 0x05: pairing failed */
94 smp_command_has_valid_fixed_length, /* 0x06: encryption information */
95 smp_command_has_valid_fixed_length, /* 0x07: central identification */
96 smp_command_has_valid_fixed_length, /* 0x08: identity information */
97 smp_command_has_valid_fixed_length, /* 0x09: identity address information */
98 smp_command_has_valid_fixed_length, /* 0x0A: signing information */
99 smp_command_has_valid_fixed_length, /* 0x0B: security request */
100 smp_command_has_valid_fixed_length, /* 0x0C: pairing public key */
101 smp_command_has_valid_fixed_length, /* 0x0D: pairing dhkey check */
102 smp_command_has_valid_fixed_length, /* 0x0E: pairing keypress notification*/
103 smp_command_has_valid_fixed_length /* 0x0F: pairing commitment */
104 };
105
106 /* type for SMP command parameter ranges validation functions */
107 typedef bool (*tSMP_CMD_PARAM_RANGES_VALID)(tSMP_CB* p_cb);
108
109 static bool smp_pairing_request_response_parameters_are_valid(tSMP_CB* p_cb);
110 static bool smp_pairing_keypress_notification_is_valid(tSMP_CB* p_cb);
111
112 static const tSMP_CMD_PARAM_RANGES_VALID smp_cmd_param_ranges_are_valid[] = {
113 smp_parameter_unconditionally_invalid,
114 smp_pairing_request_response_parameters_are_valid, /* 0x01: pairing
115 request */
116 smp_pairing_request_response_parameters_are_valid, /* 0x02: pairing
117 response */
118 smp_parameter_unconditionally_valid, /* 0x03: pairing confirm */
119 smp_parameter_unconditionally_valid, /* 0x04: pairing random */
120 smp_parameter_unconditionally_valid, /* 0x05: pairing failed */
121 smp_parameter_unconditionally_valid, /* 0x06: encryption information */
122 smp_parameter_unconditionally_valid, /* 0x07: central identification */
123 smp_parameter_unconditionally_valid, /* 0x08: identity information */
124 smp_parameter_unconditionally_valid, /* 0x09: identity address
125 information */
126 smp_parameter_unconditionally_valid, /* 0x0A: signing information */
127 smp_parameter_unconditionally_valid, /* 0x0B: security request */
128 smp_parameter_unconditionally_valid, /* 0x0C: pairing public key */
129 smp_parameter_unconditionally_valid, /* 0x0D: pairing dhkey check */
130 smp_pairing_keypress_notification_is_valid, /* 0x0E: pairing keypress
131 notification */
132 smp_parameter_unconditionally_valid /* 0x0F: pairing commitment */
133 };
134
135 /* type for action functions */
136 typedef BT_HDR* (*tSMP_CMD_ACT)(uint8_t cmd_code, tSMP_CB* p_cb);
137
138 static BT_HDR* smp_build_pairing_cmd(uint8_t cmd_code, tSMP_CB* p_cb);
139 static BT_HDR* smp_build_confirm_cmd(UNUSED_ATTR uint8_t cmd_code,
140 tSMP_CB* p_cb);
141 static BT_HDR* smp_build_rand_cmd(UNUSED_ATTR uint8_t cmd_code, tSMP_CB* p_cb);
142 static BT_HDR* smp_build_pairing_fail(UNUSED_ATTR uint8_t cmd_code,
143 tSMP_CB* p_cb);
144 static BT_HDR* smp_build_identity_info_cmd(UNUSED_ATTR uint8_t cmd_code,
145 tSMP_CB* p_cb);
146 static BT_HDR* smp_build_encrypt_info_cmd(UNUSED_ATTR uint8_t cmd_code,
147 tSMP_CB* p_cb);
148 static BT_HDR* smp_build_security_request(UNUSED_ATTR uint8_t cmd_code,
149 tSMP_CB* p_cb);
150 static BT_HDR* smp_build_signing_info_cmd(UNUSED_ATTR uint8_t cmd_code,
151 tSMP_CB* p_cb);
152 static BT_HDR* smp_build_central_id_cmd(UNUSED_ATTR uint8_t cmd_code,
153 tSMP_CB* p_cb);
154 static BT_HDR* smp_build_id_addr_cmd(UNUSED_ATTR uint8_t cmd_code,
155 tSMP_CB* p_cb);
156 static BT_HDR* smp_build_pair_public_key_cmd(UNUSED_ATTR uint8_t cmd_code,
157 tSMP_CB* p_cb);
158 static BT_HDR* smp_build_pairing_commitment_cmd(UNUSED_ATTR uint8_t cmd_code,
159 tSMP_CB* p_cb);
160 static BT_HDR* smp_build_pair_dhkey_check_cmd(UNUSED_ATTR uint8_t cmd_code,
161 tSMP_CB* p_cb);
162 static BT_HDR* smp_build_pairing_keypress_notification_cmd(
163 UNUSED_ATTR uint8_t cmd_code, tSMP_CB* p_cb);
164
165 static const tSMP_CMD_ACT smp_cmd_build_act[] = {
166 NULL,
167 smp_build_pairing_cmd, /* 0x01: pairing request */
168 smp_build_pairing_cmd, /* 0x02: pairing response */
169 smp_build_confirm_cmd, /* 0x03: pairing confirm */
170 smp_build_rand_cmd, /* 0x04: pairing random */
171 smp_build_pairing_fail, /* 0x05: pairing failure */
172 smp_build_encrypt_info_cmd, /* 0x06: encryption information */
173 smp_build_central_id_cmd, /* 0x07: central identification */
174 smp_build_identity_info_cmd, /* 0x08: identity information */
175 smp_build_id_addr_cmd, /* 0x09: identity address information */
176 smp_build_signing_info_cmd, /* 0x0A: signing information */
177 smp_build_security_request, /* 0x0B: security request */
178 smp_build_pair_public_key_cmd, /* 0x0C: pairing public key */
179 smp_build_pair_dhkey_check_cmd, /* 0x0D: pairing DHKey check */
180 smp_build_pairing_keypress_notification_cmd, /* 0x0E: pairing keypress
181 notification */
182 smp_build_pairing_commitment_cmd /* 0x0F: pairing commitment */
183 };
184
185 static const tSMP_ASSO_MODEL
186 smp_association_table[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = {
187 /* display only */ /* Display Yes/No */ /* keyboard only */
188 /* No Input/Output */ /* keyboard display */
189
190 /* initiator */
191 /* model = tbl[peer_io_caps][loc_io_caps] */
192 /* Display Only */
193 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
194 SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY},
195
196 /* Display Yes/No */
197 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
198 SMP_MODEL_PASSKEY, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY},
199
200 /* Keyboard only */
201 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY,
202 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF},
203
204 /* No Input No Output */
205 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
206 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
207 SMP_MODEL_ENCRYPTION_ONLY},
208
209 /* keyboard display */
210 {SMP_MODEL_KEY_NOTIF, SMP_MODEL_KEY_NOTIF, SMP_MODEL_PASSKEY,
211 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF}},
212
213 /* responder */
214 /* model = tbl[loc_io_caps][peer_io_caps] */
215 /* Display Only */
216 {{SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
217 SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF},
218
219 /* Display Yes/No */
220 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
221 SMP_MODEL_KEY_NOTIF, SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_KEY_NOTIF},
222
223 /* keyboard only */
224 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY,
225 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY},
226
227 /* No Input No Output */
228 {SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
229 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_ENCRYPTION_ONLY,
230 SMP_MODEL_ENCRYPTION_ONLY},
231
232 /* keyboard display */
233 {SMP_MODEL_PASSKEY, SMP_MODEL_PASSKEY, SMP_MODEL_KEY_NOTIF,
234 SMP_MODEL_ENCRYPTION_ONLY, SMP_MODEL_PASSKEY}}};
235
236 static const tSMP_ASSO_MODEL
237 smp_association_table_sc[2][SMP_IO_CAP_MAX][SMP_IO_CAP_MAX] = {
238 /* display only */ /* Display Yes/No */ /* keyboard only */
239 /* No InputOutput */ /* keyboard display */
240
241 /* initiator */
242 /* model = tbl[peer_io_caps][loc_io_caps] */
243
244 /* Display Only */
245 {{SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
246 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_JUSTWORKS,
247 SMP_MODEL_SEC_CONN_PASSKEY_ENT},
248
249 /* Display Yes/No */
250 {SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP,
251 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_JUSTWORKS,
252 SMP_MODEL_SEC_CONN_NUM_COMP},
253
254 /* keyboard only */
255 {SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_PASSKEY_DISP,
256 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_JUSTWORKS,
257 SMP_MODEL_SEC_CONN_PASSKEY_DISP},
258
259 /* No Input No Output */
260 {SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
261 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
262 SMP_MODEL_SEC_CONN_JUSTWORKS},
263
264 /* keyboard display */
265 {SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_NUM_COMP,
266 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_JUSTWORKS,
267 SMP_MODEL_SEC_CONN_NUM_COMP}},
268
269 /* responder */
270 /* model = tbl[loc_io_caps][peer_io_caps] */
271
272 /* Display Only */
273 {{SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
274 SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_JUSTWORKS,
275 SMP_MODEL_SEC_CONN_PASSKEY_DISP},
276
277 /* Display Yes/No */
278 {SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_NUM_COMP,
279 SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_JUSTWORKS,
280 SMP_MODEL_SEC_CONN_NUM_COMP},
281
282 /* keyboard only */
283 {SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_PASSKEY_ENT,
284 SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_JUSTWORKS,
285 SMP_MODEL_SEC_CONN_PASSKEY_ENT},
286
287 /* No Input No Output */
288 {SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
289 SMP_MODEL_SEC_CONN_JUSTWORKS, SMP_MODEL_SEC_CONN_JUSTWORKS,
290 SMP_MODEL_SEC_CONN_JUSTWORKS},
291
292 /* keyboard display */
293 {SMP_MODEL_SEC_CONN_PASSKEY_ENT, SMP_MODEL_SEC_CONN_NUM_COMP,
294 SMP_MODEL_SEC_CONN_PASSKEY_DISP, SMP_MODEL_SEC_CONN_JUSTWORKS,
295 SMP_MODEL_SEC_CONN_NUM_COMP}}};
296
297 static tSMP_ASSO_MODEL smp_select_legacy_association_model(tSMP_CB* p_cb);
298 static tSMP_ASSO_MODEL smp_select_association_model_secure_connections(
299 tSMP_CB* p_cb);
300
301 /**
302 * Log metrics data for SMP command
303 *
304 * @param bd_addr current pairing address
305 * @param is_outgoing whether this command is outgoing
306 * @param p_buf buffer to the beginning of SMP command
307 * @param buf_len length available to read for p_buf
308 */
smp_log_metrics(const RawAddress & bd_addr,bool is_outgoing,const uint8_t * p_buf,size_t buf_len)309 void smp_log_metrics(const RawAddress& bd_addr, bool is_outgoing,
310 const uint8_t* p_buf, size_t buf_len) {
311 if (buf_len < 1) {
312 LOG(WARNING) << __func__ << ": buffer is too small, size is " << buf_len;
313 return;
314 }
315 uint8_t cmd;
316 STREAM_TO_UINT8(cmd, p_buf);
317 buf_len--;
318 uint8_t failure_reason = 0;
319 if (cmd == SMP_OPCODE_PAIRING_FAILED && buf_len >= 1) {
320 STREAM_TO_UINT8(failure_reason, p_buf);
321 }
322 android::bluetooth::DirectionEnum direction =
323 is_outgoing ? android::bluetooth::DirectionEnum::DIRECTION_OUTGOING
324 : android::bluetooth::DirectionEnum::DIRECTION_INCOMING;
325 log_smp_pairing_event(bd_addr, cmd, direction, failure_reason);
326 }
327
328 /*******************************************************************************
329 *
330 * Function smp_send_msg_to_L2CAP
331 *
332 * Description Send message to L2CAP.
333 *
334 ******************************************************************************/
smp_send_msg_to_L2CAP(const RawAddress & rem_bda,BT_HDR * p_toL2CAP)335 bool smp_send_msg_to_L2CAP(const RawAddress& rem_bda, BT_HDR* p_toL2CAP) {
336 uint16_t l2cap_ret;
337 uint16_t fixed_cid = L2CAP_SMP_CID;
338
339 if (smp_cb.smp_over_br) {
340 fixed_cid = L2CAP_SMP_BR_CID;
341 }
342
343 SMP_TRACE_EVENT("%s", __func__);
344
345 smp_log_metrics(rem_bda, true /* outgoing */,
346 p_toL2CAP->data + p_toL2CAP->offset, p_toL2CAP->len);
347
348 l2cap_ret = L2CA_SendFixedChnlData(fixed_cid, rem_bda, p_toL2CAP);
349 if (l2cap_ret == L2CAP_DW_FAILED) {
350 SMP_TRACE_ERROR("SMP failed to pass msg to L2CAP");
351 return false;
352 } else {
353 tSMP_CB* p_cb = &smp_cb;
354
355 if (p_cb->wait_for_authorization_complete) {
356 tSMP_INT_DATA smp_int_data;
357 smp_int_data.status = SMP_SUCCESS;
358 if (fixed_cid == L2CAP_SMP_CID) {
359 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
360 } else {
361 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
362 }
363 }
364 return true;
365 }
366 }
367
368 /*******************************************************************************
369 *
370 * Function smp_send_cmd
371 *
372 * Description send a SMP command on L2CAP channel.
373 *
374 ******************************************************************************/
smp_send_cmd(uint8_t cmd_code,tSMP_CB * p_cb)375 bool smp_send_cmd(uint8_t cmd_code, tSMP_CB* p_cb) {
376 BT_HDR* p_buf;
377 bool sent = false;
378
379 LOG_DEBUG("Sending SMP command:%s[0x%x] pairing_bda=%s",
380 smp_opcode_text(static_cast<tSMP_OPCODE>(cmd_code)).c_str(),
381 cmd_code, PRIVATE_ADDRESS(p_cb->pairing_bda));
382
383 if (cmd_code <= (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */) &&
384 smp_cmd_build_act[cmd_code] != NULL) {
385 p_buf = (*smp_cmd_build_act[cmd_code])(cmd_code, p_cb);
386
387 if (p_buf != NULL && smp_send_msg_to_L2CAP(p_cb->pairing_bda, p_buf)) {
388 sent = true;
389 alarm_set_on_mloop(p_cb->smp_rsp_timer_ent, SMP_WAIT_FOR_RSP_TIMEOUT_MS,
390 smp_rsp_timeout, NULL);
391 }
392 }
393
394 if (!sent) {
395 tSMP_INT_DATA smp_int_data;
396 smp_int_data.status = SMP_PAIR_INTERNAL_ERR;
397 if (p_cb->smp_over_br) {
398 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
399 } else {
400 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
401 }
402 }
403 return sent;
404 }
405
406 /*******************************************************************************
407 *
408 * Function smp_rsp_timeout
409 *
410 * Description Called when SMP wait for SMP command response timer expires
411 *
412 * Returns void
413 *
414 ******************************************************************************/
smp_rsp_timeout(UNUSED_ATTR void * data)415 void smp_rsp_timeout(UNUSED_ATTR void* data) {
416 tSMP_CB* p_cb = &smp_cb;
417
418 SMP_TRACE_EVENT("%s state:%d br_state:%d", __func__, p_cb->state,
419 p_cb->br_state);
420
421 tSMP_INT_DATA smp_int_data;
422 smp_int_data.status = SMP_RSP_TIMEOUT;
423 if (p_cb->smp_over_br) {
424 smp_br_state_machine_event(p_cb, SMP_BR_AUTH_CMPL_EVT, &smp_int_data);
425 } else {
426 smp_sm_event(p_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
427 }
428 }
429
430 /*******************************************************************************
431 *
432 * Function smp_delayed_auth_complete_timeout
433 *
434 * Description Called when no pairing failed command received within
435 * timeout period.
436 *
437 * Returns void
438 *
439 ******************************************************************************/
smp_delayed_auth_complete_timeout(UNUSED_ATTR void * data)440 void smp_delayed_auth_complete_timeout(UNUSED_ATTR void* data) {
441 /*
442 * Waited for potential pair failure. Send SMP_AUTH_CMPL_EVT if
443 * the state is still in bond pending.
444 */
445 if (smp_get_state() == SMP_STATE_BOND_PENDING) {
446 SMP_TRACE_EVENT("%s sending delayed auth complete.", __func__);
447 tSMP_INT_DATA smp_int_data;
448 smp_int_data.status = SMP_SUCCESS;
449 smp_sm_event(&smp_cb, SMP_AUTH_CMPL_EVT, &smp_int_data);
450 }
451 }
452
453 /*******************************************************************************
454 *
455 * Function smp_build_pairing_req_cmd
456 *
457 * Description Build pairing request command.
458 *
459 ******************************************************************************/
smp_build_pairing_cmd(uint8_t cmd_code,tSMP_CB * p_cb)460 BT_HDR* smp_build_pairing_cmd(uint8_t cmd_code, tSMP_CB* p_cb) {
461 uint8_t* p;
462 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_PAIRING_REQ_SIZE +
463 L2CAP_MIN_OFFSET);
464
465 SMP_TRACE_EVENT("%s", __func__);
466
467 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
468 UINT8_TO_STREAM(p, cmd_code);
469 UINT8_TO_STREAM(p, p_cb->local_io_capability);
470 UINT8_TO_STREAM(p, p_cb->loc_oob_flag);
471 UINT8_TO_STREAM(p, p_cb->loc_auth_req);
472 UINT8_TO_STREAM(p, p_cb->loc_enc_size);
473 UINT8_TO_STREAM(p, p_cb->local_i_key);
474 UINT8_TO_STREAM(p, p_cb->local_r_key);
475
476 p_buf->offset = L2CAP_MIN_OFFSET;
477 /* 1B ERR_RSP op code + 1B cmd_op_code + 2B handle + 1B status */
478 p_buf->len = SMP_PAIRING_REQ_SIZE;
479
480 return p_buf;
481 }
482
483 /*******************************************************************************
484 *
485 * Function smp_build_confirm_cmd
486 *
487 * Description Build confirm request command.
488 *
489 ******************************************************************************/
smp_build_confirm_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)490 static BT_HDR* smp_build_confirm_cmd(UNUSED_ATTR uint8_t cmd_code,
491 tSMP_CB* p_cb) {
492 uint8_t* p;
493 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_CONFIRM_CMD_SIZE +
494 L2CAP_MIN_OFFSET);
495
496 SMP_TRACE_EVENT("%s", __func__);
497
498 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
499
500 UINT8_TO_STREAM(p, SMP_OPCODE_CONFIRM);
501 ARRAY_TO_STREAM(p, p_cb->confirm, OCTET16_LEN);
502
503 p_buf->offset = L2CAP_MIN_OFFSET;
504 p_buf->len = SMP_CONFIRM_CMD_SIZE;
505
506 return p_buf;
507 }
508
509 /*******************************************************************************
510 *
511 * Function smp_build_rand_cmd
512 *
513 * Description Build Random command.
514 *
515 ******************************************************************************/
smp_build_rand_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)516 static BT_HDR* smp_build_rand_cmd(UNUSED_ATTR uint8_t cmd_code, tSMP_CB* p_cb) {
517 uint8_t* p;
518 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_RAND_CMD_SIZE +
519 L2CAP_MIN_OFFSET);
520
521 SMP_TRACE_EVENT("%s", __func__);
522
523 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
524 UINT8_TO_STREAM(p, SMP_OPCODE_RAND);
525 ARRAY_TO_STREAM(p, p_cb->rand, OCTET16_LEN);
526
527 p_buf->offset = L2CAP_MIN_OFFSET;
528 p_buf->len = SMP_RAND_CMD_SIZE;
529
530 return p_buf;
531 }
532
533 /*******************************************************************************
534 *
535 * Function smp_build_encrypt_info_cmd
536 *
537 * Description Build security information command.
538 *
539 ******************************************************************************/
smp_build_encrypt_info_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)540 static BT_HDR* smp_build_encrypt_info_cmd(UNUSED_ATTR uint8_t cmd_code,
541 tSMP_CB* p_cb) {
542 uint8_t* p;
543 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_ENC_INFO_SIZE +
544 L2CAP_MIN_OFFSET);
545
546 SMP_TRACE_EVENT("%s", __func__);
547
548 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
549 UINT8_TO_STREAM(p, SMP_OPCODE_ENCRYPT_INFO);
550 ARRAY_TO_STREAM(p, p_cb->ltk, OCTET16_LEN);
551
552 p_buf->offset = L2CAP_MIN_OFFSET;
553 p_buf->len = SMP_ENC_INFO_SIZE;
554
555 return p_buf;
556 }
557
558 /*******************************************************************************
559 *
560 * Function smp_build_central_id_cmd
561 *
562 * Description Build security information command.
563 *
564 ******************************************************************************/
smp_build_central_id_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)565 static BT_HDR* smp_build_central_id_cmd(UNUSED_ATTR uint8_t cmd_code,
566 tSMP_CB* p_cb) {
567 uint8_t* p;
568 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_CENTRAL_ID_SIZE +
569 L2CAP_MIN_OFFSET);
570
571 SMP_TRACE_EVENT("%s", __func__);
572
573 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
574 UINT8_TO_STREAM(p, SMP_OPCODE_CENTRAL_ID);
575 UINT16_TO_STREAM(p, p_cb->ediv);
576 ARRAY_TO_STREAM(p, p_cb->enc_rand, BT_OCTET8_LEN);
577
578 p_buf->offset = L2CAP_MIN_OFFSET;
579 p_buf->len = SMP_CENTRAL_ID_SIZE;
580
581 return p_buf;
582 }
583
584 /*******************************************************************************
585 *
586 * Function smp_build_identity_info_cmd
587 *
588 * Description Build identity information command.
589 *
590 ******************************************************************************/
smp_build_identity_info_cmd(UNUSED_ATTR uint8_t cmd_code,UNUSED_ATTR tSMP_CB * p_cb)591 static BT_HDR* smp_build_identity_info_cmd(UNUSED_ATTR uint8_t cmd_code,
592 UNUSED_ATTR tSMP_CB* p_cb) {
593 uint8_t* p;
594 BT_HDR* p_buf =
595 (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_ID_INFO_SIZE + L2CAP_MIN_OFFSET);
596
597 SMP_TRACE_EVENT("%s", __func__);
598
599 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
600
601 const Octet16& irk = BTM_GetDeviceIDRoot();
602
603 UINT8_TO_STREAM(p, SMP_OPCODE_IDENTITY_INFO);
604 ARRAY_TO_STREAM(p, irk.data(), OCTET16_LEN);
605
606 p_buf->offset = L2CAP_MIN_OFFSET;
607 p_buf->len = SMP_ID_INFO_SIZE;
608
609 return p_buf;
610 }
611
612 /*******************************************************************************
613 *
614 * Function smp_build_id_addr_cmd
615 *
616 * Description Build identity address information command.
617 *
618 ******************************************************************************/
smp_build_id_addr_cmd(UNUSED_ATTR uint8_t cmd_code,UNUSED_ATTR tSMP_CB * p_cb)619 static BT_HDR* smp_build_id_addr_cmd(UNUSED_ATTR uint8_t cmd_code,
620 UNUSED_ATTR tSMP_CB* p_cb) {
621 uint8_t* p;
622 BT_HDR* p_buf =
623 (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_ID_ADDR_SIZE + L2CAP_MIN_OFFSET);
624
625 SMP_TRACE_EVENT("%s", __func__);
626
627 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
628 UINT8_TO_STREAM(p, SMP_OPCODE_ID_ADDR);
629 UINT8_TO_STREAM(p, 0);
630 BDADDR_TO_STREAM(p, *controller_get_interface()->get_address());
631
632 p_buf->offset = L2CAP_MIN_OFFSET;
633 p_buf->len = SMP_ID_ADDR_SIZE;
634
635 return p_buf;
636 }
637
638 /*******************************************************************************
639 *
640 * Function smp_build_signing_info_cmd
641 *
642 * Description Build signing information command.
643 *
644 ******************************************************************************/
smp_build_signing_info_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)645 static BT_HDR* smp_build_signing_info_cmd(UNUSED_ATTR uint8_t cmd_code,
646 tSMP_CB* p_cb) {
647 uint8_t* p;
648 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_SIGN_INFO_SIZE +
649 L2CAP_MIN_OFFSET);
650
651 SMP_TRACE_EVENT("%s", __func__);
652
653 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
654 UINT8_TO_STREAM(p, SMP_OPCODE_SIGN_INFO);
655 ARRAY_TO_STREAM(p, p_cb->csrk, OCTET16_LEN);
656
657 p_buf->offset = L2CAP_MIN_OFFSET;
658 p_buf->len = SMP_SIGN_INFO_SIZE;
659
660 return p_buf;
661 }
662
663 /*******************************************************************************
664 *
665 * Function smp_build_pairing_fail
666 *
667 * Description Build Pairing Fail command.
668 *
669 ******************************************************************************/
smp_build_pairing_fail(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)670 static BT_HDR* smp_build_pairing_fail(UNUSED_ATTR uint8_t cmd_code,
671 tSMP_CB* p_cb) {
672 uint8_t* p;
673 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE +
674 L2CAP_MIN_OFFSET);
675
676 SMP_TRACE_EVENT("%s", __func__);
677
678 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
679 UINT8_TO_STREAM(p, SMP_OPCODE_PAIRING_FAILED);
680 UINT8_TO_STREAM(p, p_cb->failure);
681
682 p_buf->offset = L2CAP_MIN_OFFSET;
683 p_buf->len = SMP_PAIR_FAIL_SIZE;
684
685 return p_buf;
686 }
687
688 /*******************************************************************************
689 *
690 * Function smp_build_security_request
691 *
692 * Description Build security request command.
693 *
694 ******************************************************************************/
smp_build_security_request(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)695 static BT_HDR* smp_build_security_request(UNUSED_ATTR uint8_t cmd_code,
696 tSMP_CB* p_cb) {
697 uint8_t* p;
698 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + 2 + L2CAP_MIN_OFFSET);
699
700 SMP_TRACE_EVENT("%s", __func__);
701
702 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
703 UINT8_TO_STREAM(p, SMP_OPCODE_SEC_REQ);
704 UINT8_TO_STREAM(p, p_cb->loc_auth_req);
705
706 p_buf->offset = L2CAP_MIN_OFFSET;
707 p_buf->len = SMP_SECURITY_REQUEST_SIZE;
708
709 SMP_TRACE_EVENT("opcode=%d auth_req=0x%x", SMP_OPCODE_SEC_REQ,
710 p_cb->loc_auth_req);
711
712 return p_buf;
713 }
714
715 /*******************************************************************************
716 *
717 * Function smp_build_pair_public_key_cmd
718 *
719 * Description Build pairing public key command.
720 *
721 ******************************************************************************/
smp_build_pair_public_key_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)722 static BT_HDR* smp_build_pair_public_key_cmd(UNUSED_ATTR uint8_t cmd_code,
723 tSMP_CB* p_cb) {
724 uint8_t* p;
725 uint8_t publ_key[2 * BT_OCTET32_LEN];
726 uint8_t* p_publ_key = publ_key;
727 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_PAIR_PUBL_KEY_SIZE +
728 L2CAP_MIN_OFFSET);
729
730 SMP_TRACE_EVENT("%s", __func__);
731
732 memcpy(p_publ_key, p_cb->loc_publ_key.x, BT_OCTET32_LEN);
733 memcpy(p_publ_key + BT_OCTET32_LEN, p_cb->loc_publ_key.y, BT_OCTET32_LEN);
734
735 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
736 UINT8_TO_STREAM(p, SMP_OPCODE_PAIR_PUBLIC_KEY);
737 ARRAY_TO_STREAM(p, p_publ_key, 2 * BT_OCTET32_LEN);
738
739 p_buf->offset = L2CAP_MIN_OFFSET;
740 p_buf->len = SMP_PAIR_PUBL_KEY_SIZE;
741
742 return p_buf;
743 }
744
745 /*******************************************************************************
746 *
747 * Function smp_build_pairing_commitment_cmd
748 *
749 * Description Build pairing commitment command.
750 *
751 ******************************************************************************/
smp_build_pairing_commitment_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)752 static BT_HDR* smp_build_pairing_commitment_cmd(UNUSED_ATTR uint8_t cmd_code,
753 tSMP_CB* p_cb) {
754 uint8_t* p;
755 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_PAIR_COMMITM_SIZE +
756 L2CAP_MIN_OFFSET);
757
758 SMP_TRACE_EVENT("%s", __func__);
759
760 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
761 UINT8_TO_STREAM(p, SMP_OPCODE_CONFIRM);
762 ARRAY_TO_STREAM(p, p_cb->commitment, OCTET16_LEN);
763
764 p_buf->offset = L2CAP_MIN_OFFSET;
765 p_buf->len = SMP_PAIR_COMMITM_SIZE;
766
767 return p_buf;
768 }
769
770 /*******************************************************************************
771 *
772 * Function smp_build_pair_dhkey_check_cmd
773 *
774 * Description Build pairing DHKey check command.
775 *
776 ******************************************************************************/
smp_build_pair_dhkey_check_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)777 static BT_HDR* smp_build_pair_dhkey_check_cmd(UNUSED_ATTR uint8_t cmd_code,
778 tSMP_CB* p_cb) {
779 uint8_t* p;
780 BT_HDR* p_buf = (BT_HDR*)osi_malloc(
781 sizeof(BT_HDR) + SMP_PAIR_DHKEY_CHECK_SIZE + L2CAP_MIN_OFFSET);
782
783 SMP_TRACE_EVENT("%s", __func__);
784
785 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
786 UINT8_TO_STREAM(p, SMP_OPCODE_PAIR_DHKEY_CHECK);
787 ARRAY_TO_STREAM(p, p_cb->dhkey_check, OCTET16_LEN);
788
789 p_buf->offset = L2CAP_MIN_OFFSET;
790 p_buf->len = SMP_PAIR_DHKEY_CHECK_SIZE;
791
792 return p_buf;
793 }
794
795 /*******************************************************************************
796 *
797 * Function smp_build_pairing_keypress_notification_cmd
798 *
799 * Description Build keypress notification command.
800 *
801 ******************************************************************************/
smp_build_pairing_keypress_notification_cmd(UNUSED_ATTR uint8_t cmd_code,tSMP_CB * p_cb)802 static BT_HDR* smp_build_pairing_keypress_notification_cmd(
803 UNUSED_ATTR uint8_t cmd_code, tSMP_CB* p_cb) {
804 uint8_t* p;
805 BT_HDR* p_buf = (BT_HDR*)osi_malloc(
806 sizeof(BT_HDR) + SMP_PAIR_KEYPR_NOTIF_SIZE + L2CAP_MIN_OFFSET);
807
808 SMP_TRACE_EVENT("%s", __func__);
809
810 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
811 UINT8_TO_STREAM(p, SMP_OPCODE_PAIR_KEYPR_NOTIF);
812 UINT8_TO_STREAM(p, p_cb->local_keypress_notification);
813
814 p_buf->offset = L2CAP_MIN_OFFSET;
815 p_buf->len = SMP_PAIR_KEYPR_NOTIF_SIZE;
816
817 return p_buf;
818 }
819
820 /** This function is called to convert a 6 to 16 digits numeric character string
821 * into SMP TK. */
smp_convert_string_to_tk(Octet16 * tk,uint32_t passkey)822 void smp_convert_string_to_tk(Octet16* tk, uint32_t passkey) {
823 uint8_t* p = tk->data();
824 tSMP_KEY key;
825 SMP_TRACE_EVENT("smp_convert_string_to_tk");
826 UINT32_TO_STREAM(p, passkey);
827
828 key.key_type = SMP_KEY_TYPE_TK;
829 key.p_data = tk->data();
830
831 tSMP_INT_DATA smp_int_data;
832 smp_int_data.key = key;
833 smp_sm_event(&smp_cb, SMP_KEY_READY_EVT, &smp_int_data);
834 }
835
836 /** This function is called to mask off the encryption key based on the maximum
837 * encryption key size. */
smp_mask_enc_key(uint8_t loc_enc_size,Octet16 * p_data)838 void smp_mask_enc_key(uint8_t loc_enc_size, Octet16* p_data) {
839 SMP_TRACE_EVENT("smp_mask_enc_key");
840 if (loc_enc_size < OCTET16_LEN) {
841 for (; loc_enc_size < OCTET16_LEN; loc_enc_size++)
842 (*p_data)[loc_enc_size] = 0;
843 }
844 return;
845 }
846
847 /** utility function to do an biteise exclusive-OR of two bit strings of the
848 * length of OCTET16_LEN. Result is stored in first argument.
849 */
smp_xor_128(Octet16 * a,const Octet16 & b)850 void smp_xor_128(Octet16* a, const Octet16& b) {
851 CHECK(a);
852 uint8_t i, *aa = a->data();
853 const uint8_t* bb = b.data();
854
855 for (i = 0; i < OCTET16_LEN; i++) {
856 aa[i] = aa[i] ^ bb[i];
857 }
858 }
859
860 /*******************************************************************************
861 *
862 * Function smp_cb_cleanup
863 *
864 * Description Clean up SMP control block
865 *
866 * Returns void
867 *
868 ******************************************************************************/
smp_cb_cleanup(tSMP_CB * p_cb)869 void smp_cb_cleanup(tSMP_CB* p_cb) {
870 tSMP_CALLBACK* p_callback = p_cb->p_callback;
871 uint8_t trace_level = p_cb->trace_level;
872 alarm_t* smp_rsp_timer_ent = p_cb->smp_rsp_timer_ent;
873 alarm_t* delayed_auth_timer_ent = p_cb->delayed_auth_timer_ent;
874
875 SMP_TRACE_EVENT("smp_cb_cleanup");
876
877 alarm_cancel(p_cb->smp_rsp_timer_ent);
878 alarm_cancel(p_cb->delayed_auth_timer_ent);
879 memset(p_cb, 0, sizeof(tSMP_CB));
880 p_cb->p_callback = p_callback;
881 p_cb->trace_level = trace_level;
882 p_cb->smp_rsp_timer_ent = smp_rsp_timer_ent;
883 p_cb->delayed_auth_timer_ent = delayed_auth_timer_ent;
884 }
885
886 /*******************************************************************************
887 *
888 * Function smp_remove_fixed_channel
889 *
890 * Description This function is called to remove the fixed channel
891 *
892 * Returns void
893 *
894 ******************************************************************************/
smp_remove_fixed_channel(tSMP_CB * p_cb)895 void smp_remove_fixed_channel(tSMP_CB* p_cb) {
896 SMP_TRACE_DEBUG("%s", __func__);
897
898 if (p_cb->smp_over_br)
899 L2CA_RemoveFixedChnl(L2CAP_SMP_BR_CID, p_cb->pairing_bda);
900 else
901 L2CA_RemoveFixedChnl(L2CAP_SMP_CID, p_cb->pairing_bda);
902 }
903
904 /*******************************************************************************
905 *
906 * Function smp_reset_control_value
907 *
908 * Description This function is called to reset the control block value
909 * when the pairing procedure finished.
910 *
911 *
912 * Returns void
913 *
914 ******************************************************************************/
smp_reset_control_value(tSMP_CB * p_cb)915 void smp_reset_control_value(tSMP_CB* p_cb) {
916 SMP_TRACE_EVENT("%s", __func__);
917
918 alarm_cancel(p_cb->smp_rsp_timer_ent);
919 p_cb->flags = 0;
920 /* set the link idle timer to drop the link when pairing is done
921 usually service discovery will follow authentication complete, to avoid
922 racing condition for a link down/up, set link idle timer to be
923 SMP_LINK_TOUT_MIN to guarantee SMP key exchange */
924 L2CA_SetIdleTimeoutByBdAddr(p_cb->pairing_bda, SMP_LINK_TOUT_MIN,
925 BT_TRANSPORT_LE);
926
927 /* We can tell L2CAP to remove the fixed channel (if it has one) */
928 smp_remove_fixed_channel(p_cb);
929 smp_cb_cleanup(p_cb);
930 }
931
932 /*******************************************************************************
933 *
934 * Function smp_proc_pairing_cmpl
935 *
936 * Description This function is called to process pairing complete
937 *
938 *
939 * Returns void
940 *
941 ******************************************************************************/
smp_proc_pairing_cmpl(tSMP_CB * p_cb)942 void smp_proc_pairing_cmpl(tSMP_CB* p_cb) {
943 tSMP_EVT_DATA evt_data = {0};
944 tSMP_CALLBACK* p_callback = p_cb->p_callback;
945
946 evt_data.cmplt.reason = p_cb->status;
947 evt_data.cmplt.smp_over_br = p_cb->smp_over_br;
948
949 LOG_DEBUG(
950 "Pairing process has completed to remote:%s reason:0x%0x sec_level=0x%0x",
951 PRIVATE_ADDRESS(p_cb->pairing_bda), evt_data.cmplt.reason,
952 evt_data.cmplt.sec_level);
953
954 if (p_cb->status == SMP_SUCCESS) evt_data.cmplt.sec_level = p_cb->sec_level;
955
956 evt_data.cmplt.is_pair_cancel = false;
957
958 if (p_cb->is_pair_cancel) evt_data.cmplt.is_pair_cancel = true;
959
960 RawAddress pairing_bda = p_cb->pairing_bda;
961
962 smp_reset_control_value(p_cb);
963
964 if (p_callback) (*p_callback)(SMP_COMPLT_EVT, pairing_bda, &evt_data);
965 }
966
967 /*******************************************************************************
968 *
969 * Function smp_command_has_invalid_length
970 *
971 * Description Checks if the received SMP command has invalid length
972 * It returns true if the command has invalid length.
973 *
974 * Returns true if the command has invalid length, false otherwise.
975 *
976 ******************************************************************************/
smp_command_has_invalid_length(tSMP_CB * p_cb)977 bool smp_command_has_invalid_length(tSMP_CB* p_cb) {
978 uint8_t cmd_code = p_cb->rcvd_cmd_code;
979
980 if ((cmd_code > (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */)) ||
981 (cmd_code < SMP_OPCODE_MIN)) {
982 SMP_TRACE_WARNING("%s: Received command with RESERVED code 0x%02x",
983 __func__, cmd_code);
984 return true;
985 }
986
987 if (!smp_command_has_valid_fixed_length(p_cb)) {
988 return true;
989 }
990
991 return false;
992 }
993
994 /*******************************************************************************
995 *
996 * Function smp_command_has_invalid_parameters
997 *
998 * Description Checks if the received SMP command has invalid parameters
999 * i.e. if the command length is valid and the command
1000 * parameters are inside specified range.
1001 * It returns true if the command has invalid parameters.
1002 *
1003 * Returns true if the command has invalid parameters, false otherwise.
1004 *
1005 ******************************************************************************/
smp_command_has_invalid_parameters(tSMP_CB * p_cb)1006 bool smp_command_has_invalid_parameters(tSMP_CB* p_cb) {
1007 uint8_t cmd_code = p_cb->rcvd_cmd_code;
1008
1009 if ((cmd_code > (SMP_OPCODE_MAX + 1 /* for SMP_OPCODE_PAIR_COMMITM */)) ||
1010 (cmd_code < SMP_OPCODE_MIN)) {
1011 SMP_TRACE_WARNING("%s: Received command with RESERVED code 0x%02x",
1012 __func__, cmd_code);
1013 return true;
1014 }
1015
1016 if (!(*smp_cmd_len_is_valid[cmd_code])(p_cb)) {
1017 SMP_TRACE_WARNING("%s: Command length not valid for cmd_code 0x%02x",
1018 __func__, cmd_code);
1019 return true;
1020 }
1021
1022 if (!(*smp_cmd_param_ranges_are_valid[cmd_code])(p_cb)) {
1023 SMP_TRACE_WARNING("%s: Parameter ranges not valid code 0x%02x", __func__,
1024 cmd_code);
1025 return true;
1026 }
1027
1028 return false;
1029 }
1030
1031 /*******************************************************************************
1032 *
1033 * Function smp_command_has_valid_fixed_length
1034 *
1035 * Description Checks if the received command size is equal to the size
1036 * according to specs.
1037 *
1038 * Returns true if the command size is as expected, false otherwise.
1039 *
1040 * Note The command is expected to have fixed length.
1041 ******************************************************************************/
smp_command_has_valid_fixed_length(tSMP_CB * p_cb)1042 bool smp_command_has_valid_fixed_length(tSMP_CB* p_cb) {
1043 uint8_t cmd_code = p_cb->rcvd_cmd_code;
1044
1045 SMP_TRACE_DEBUG("%s for cmd code 0x%02x", __func__, cmd_code);
1046
1047 if (p_cb->rcvd_cmd_len != smp_cmd_size_per_spec[cmd_code]) {
1048 SMP_TRACE_WARNING(
1049 "Rcvd from the peer cmd 0x%02x with invalid length "
1050 "0x%02x (per spec the length is 0x%02x).",
1051 cmd_code, p_cb->rcvd_cmd_len, smp_cmd_size_per_spec[cmd_code]);
1052 return false;
1053 }
1054
1055 return true;
1056 }
1057
1058 /*******************************************************************************
1059 *
1060 * Function smp_pairing_request_response_parameters_are_valid
1061 *
1062 * Description Validates parameter ranges in the received SMP command
1063 * pairing request or pairing response.
1064 * The parameters to validate:
1065 * IO capability,
1066 * OOB data flag,
1067 * Bonding_flags in AuthReq
1068 * Maximum encryption key size.
1069 * Returns false if at least one of these parameters is out of
1070 * range.
1071 *
1072 ******************************************************************************/
smp_pairing_request_response_parameters_are_valid(tSMP_CB * p_cb)1073 bool smp_pairing_request_response_parameters_are_valid(tSMP_CB* p_cb) {
1074 uint8_t io_caps = p_cb->peer_io_caps;
1075 uint8_t oob_flag = p_cb->peer_oob_flag;
1076 uint8_t bond_flag =
1077 p_cb->peer_auth_req & 0x03; // 0x03 is gen bond with appropriate mask
1078 uint8_t enc_size = p_cb->peer_enc_size;
1079
1080 SMP_TRACE_DEBUG("%s for cmd code 0x%02x", __func__, p_cb->rcvd_cmd_code);
1081
1082 if (io_caps >= BTM_IO_CAP_MAX) {
1083 SMP_TRACE_WARNING(
1084 "Rcvd from the peer cmd 0x%02x with IO Capability "
1085 "value (0x%02x) out of range).",
1086 p_cb->rcvd_cmd_code, io_caps);
1087 return false;
1088 }
1089
1090 if (!((oob_flag == SMP_OOB_NONE) || (oob_flag == SMP_OOB_PRESENT))) {
1091 SMP_TRACE_WARNING(
1092 "Rcvd from the peer cmd 0x%02x with OOB data flag value "
1093 "(0x%02x) out of range).",
1094 p_cb->rcvd_cmd_code, oob_flag);
1095 return false;
1096 }
1097
1098 if (!((bond_flag == SMP_AUTH_NO_BOND) || (bond_flag == SMP_AUTH_BOND))) {
1099 SMP_TRACE_WARNING(
1100 "Rcvd from the peer cmd 0x%02x with Bonding_Flags value (0x%02x) "
1101 "out of range).",
1102 p_cb->rcvd_cmd_code, bond_flag);
1103 return false;
1104 }
1105
1106 if ((enc_size < SMP_ENCR_KEY_SIZE_MIN) ||
1107 (enc_size > SMP_ENCR_KEY_SIZE_MAX)) {
1108 SMP_TRACE_WARNING(
1109 "Rcvd from the peer cmd 0x%02x with Maximum Encryption "
1110 "Key value (0x%02x) out of range).",
1111 p_cb->rcvd_cmd_code, enc_size);
1112 return false;
1113 }
1114
1115 return true;
1116 }
1117
1118 /*******************************************************************************
1119 *
1120 * Function smp_pairing_keypress_notification_is_valid
1121 *
1122 * Description Validates Notification Type parameter range in the received
1123 * SMP command pairing keypress notification.
1124 * Returns false if this parameter is out of range.
1125 *
1126 ******************************************************************************/
smp_pairing_keypress_notification_is_valid(tSMP_CB * p_cb)1127 bool smp_pairing_keypress_notification_is_valid(tSMP_CB* p_cb) {
1128 tSMP_SC_KEY_TYPE keypress_notification = p_cb->peer_keypress_notification;
1129
1130 SMP_TRACE_DEBUG("%s for cmd code 0x%02x", __func__, p_cb->rcvd_cmd_code);
1131
1132 if (keypress_notification >= SMP_SC_KEY_OUT_OF_RANGE) {
1133 SMP_TRACE_WARNING(
1134 "Rcvd from the peer cmd 0x%02x with Pairing Keypress "
1135 "Notification value (0x%02x) out of range).",
1136 p_cb->rcvd_cmd_code, keypress_notification);
1137 return false;
1138 }
1139
1140 return true;
1141 }
1142
1143 /*******************************************************************************
1144 *
1145 * Function smp_parameter_unconditionally_valid
1146 *
1147 * Description Always returns true.
1148 *
1149 ******************************************************************************/
smp_parameter_unconditionally_valid(UNUSED_ATTR tSMP_CB * p_cb)1150 bool smp_parameter_unconditionally_valid(UNUSED_ATTR tSMP_CB* p_cb) {
1151 return true;
1152 }
1153
1154 /*******************************************************************************
1155 *
1156 * Function smp_parameter_unconditionally_invalid
1157 *
1158 * Description Always returns false.
1159 *
1160 ******************************************************************************/
smp_parameter_unconditionally_invalid(UNUSED_ATTR tSMP_CB * p_cb)1161 bool smp_parameter_unconditionally_invalid(UNUSED_ATTR tSMP_CB* p_cb) {
1162 return false;
1163 }
1164
1165 /*******************************************************************************
1166 *
1167 * Function smp_reject_unexpected_pairing_command
1168 *
1169 * Description send pairing failure to an unexpected pairing command during
1170 * an active pairing process.
1171 *
1172 * Returns void
1173 *
1174 ******************************************************************************/
smp_reject_unexpected_pairing_command(const RawAddress & bd_addr)1175 void smp_reject_unexpected_pairing_command(const RawAddress& bd_addr) {
1176 uint8_t* p;
1177 BT_HDR* p_buf = (BT_HDR*)osi_malloc(sizeof(BT_HDR) + SMP_PAIR_FAIL_SIZE +
1178 L2CAP_MIN_OFFSET);
1179
1180 SMP_TRACE_DEBUG("%s", __func__);
1181
1182 p = (uint8_t*)(p_buf + 1) + L2CAP_MIN_OFFSET;
1183 UINT8_TO_STREAM(p, SMP_OPCODE_PAIRING_FAILED);
1184 UINT8_TO_STREAM(p, SMP_PAIR_NOT_SUPPORT);
1185
1186 p_buf->offset = L2CAP_MIN_OFFSET;
1187 p_buf->len = SMP_PAIR_FAIL_SIZE;
1188
1189 smp_send_msg_to_L2CAP(bd_addr, p_buf);
1190 }
1191
1192 /*******************************************************************************
1193 * Function smp_select_association_model
1194 *
1195 * Description This function selects association model to use for STK
1196 * generation. Selection is based on both sides' io capability,
1197 * oob data flag and authentication request.
1198 *
1199 * Note If Secure Connections Only mode is required locally then we
1200 * come to this point only if both sides support Secure
1201 * Connections mode, i.e.
1202 * if p_cb->secure_connections_only_mode_required = true
1203 * then we come to this point only if
1204 * (p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT) ==
1205 * (p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT) ==
1206 * SMP_SC_SUPPORT_BIT
1207 *
1208 ******************************************************************************/
smp_select_association_model(tSMP_CB * p_cb)1209 tSMP_ASSO_MODEL smp_select_association_model(tSMP_CB* p_cb) {
1210 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1211 p_cb->le_secure_connections_mode_is_used = false;
1212
1213 SMP_TRACE_EVENT("%s", __func__);
1214 SMP_TRACE_DEBUG("%s p_cb->peer_io_caps = %d p_cb->local_io_capability = %d",
1215 __func__, p_cb->peer_io_caps, p_cb->local_io_capability);
1216 SMP_TRACE_DEBUG("%s p_cb->peer_oob_flag = %d p_cb->loc_oob_flag = %d",
1217 __func__, p_cb->peer_oob_flag, p_cb->loc_oob_flag);
1218 SMP_TRACE_DEBUG("%s p_cb->peer_auth_req = 0x%02x p_cb->loc_auth_req = 0x%02x",
1219 __func__, p_cb->peer_auth_req, p_cb->loc_auth_req);
1220 SMP_TRACE_DEBUG(
1221 "%s p_cb->secure_connections_only_mode_required = %s", __func__,
1222 p_cb->secure_connections_only_mode_required ? "true" : "false");
1223
1224 if ((p_cb->peer_auth_req & SMP_SC_SUPPORT_BIT) &&
1225 (p_cb->loc_auth_req & SMP_SC_SUPPORT_BIT)) {
1226 p_cb->le_secure_connections_mode_is_used = true;
1227 }
1228
1229 if ((p_cb->peer_auth_req & SMP_H7_SUPPORT_BIT) &&
1230 (p_cb->loc_auth_req & SMP_H7_SUPPORT_BIT)) {
1231 p_cb->key_derivation_h7_used = TRUE;
1232 }
1233
1234 SMP_TRACE_DEBUG("use_sc_process = %d, h7 use = %d",
1235 p_cb->le_secure_connections_mode_is_used,
1236 p_cb->key_derivation_h7_used);
1237
1238 if (p_cb->le_secure_connections_mode_is_used) {
1239 model = smp_select_association_model_secure_connections(p_cb);
1240 } else {
1241 model = smp_select_legacy_association_model(p_cb);
1242 }
1243 return model;
1244 }
1245
1246 /*******************************************************************************
1247 * Function smp_select_legacy_association_model
1248 *
1249 * Description This function is called to select association mode if at
1250 * least one side doesn't support secure connections.
1251 *
1252 ******************************************************************************/
smp_select_legacy_association_model(tSMP_CB * p_cb)1253 tSMP_ASSO_MODEL smp_select_legacy_association_model(tSMP_CB* p_cb) {
1254 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1255
1256 SMP_TRACE_DEBUG("%s", __func__);
1257 /* if OOB data is present on both devices, then use OOB association model */
1258 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT &&
1259 p_cb->loc_oob_flag == SMP_OOB_PRESENT)
1260 return SMP_MODEL_OOB;
1261
1262 /* else if neither device requires MITM, then use Just Works association model
1263 */
1264 if (SMP_NO_MITM_REQUIRED(p_cb->peer_auth_req) &&
1265 SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req))
1266 return SMP_MODEL_ENCRYPTION_ONLY;
1267
1268 /* otherwise use IO capability to select association model */
1269 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX &&
1270 p_cb->local_io_capability < SMP_IO_CAP_MAX) {
1271 if (p_cb->role == HCI_ROLE_CENTRAL) {
1272 model = smp_association_table[p_cb->role][p_cb->peer_io_caps]
1273 [p_cb->local_io_capability];
1274 } else {
1275 model = smp_association_table[p_cb->role][p_cb->local_io_capability]
1276 [p_cb->peer_io_caps];
1277 }
1278 }
1279
1280 return model;
1281 }
1282
1283 /*******************************************************************************
1284 * Function smp_select_association_model_secure_connections
1285 *
1286 * Description This function is called to select association mode if both
1287 * sides support secure connections.
1288 *
1289 ******************************************************************************/
smp_select_association_model_secure_connections(tSMP_CB * p_cb)1290 tSMP_ASSO_MODEL smp_select_association_model_secure_connections(tSMP_CB* p_cb) {
1291 tSMP_ASSO_MODEL model = SMP_MODEL_OUT_OF_RANGE;
1292
1293 SMP_TRACE_DEBUG("%s", __func__);
1294 /* if OOB data is present on at least one device, then use OOB association
1295 * model */
1296 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT ||
1297 p_cb->loc_oob_flag == SMP_OOB_PRESENT)
1298 return SMP_MODEL_SEC_CONN_OOB;
1299
1300 /* else if neither device requires MITM, then use Just Works association model
1301 */
1302 if (SMP_NO_MITM_REQUIRED(p_cb->peer_auth_req) &&
1303 SMP_NO_MITM_REQUIRED(p_cb->loc_auth_req))
1304 return SMP_MODEL_SEC_CONN_JUSTWORKS;
1305
1306 /* otherwise use IO capability to select association model */
1307 if (p_cb->peer_io_caps < SMP_IO_CAP_MAX &&
1308 p_cb->local_io_capability < SMP_IO_CAP_MAX) {
1309 if (p_cb->role == HCI_ROLE_CENTRAL) {
1310 model = smp_association_table_sc[p_cb->role][p_cb->peer_io_caps]
1311 [p_cb->local_io_capability];
1312 } else {
1313 model = smp_association_table_sc[p_cb->role][p_cb->local_io_capability]
1314 [p_cb->peer_io_caps];
1315 }
1316 }
1317
1318 return model;
1319 }
1320
1321 /*******************************************************************************
1322 * Function smp_calculate_random_input
1323 *
1324 * Description This function returns random input value to be used in
1325 * commitment calculation for SC passkey entry association mode
1326 * (if bit["round"] in "random" array == 1 then returns 0x81
1327 * else returns 0x80).
1328 *
1329 * Returns ri value
1330 *
1331 ******************************************************************************/
smp_calculate_random_input(uint8_t * random,uint8_t round)1332 uint8_t smp_calculate_random_input(uint8_t* random, uint8_t round) {
1333 uint8_t i = round / 8;
1334 uint8_t j = round % 8;
1335 uint8_t ri;
1336
1337 SMP_TRACE_DEBUG("random: 0x%02x, round: %d, i: %d, j: %d", random[i], round,
1338 i, j);
1339 ri = ((random[i] >> j) & 1) | 0x80;
1340 SMP_TRACE_DEBUG("%s ri=0x%02x", __func__, ri);
1341 return ri;
1342 }
1343
1344 /*******************************************************************************
1345 * Function smp_collect_local_io_capabilities
1346 *
1347 * Description This function puts into IOcap array local device
1348 * IOCapability, OOB data, AuthReq.
1349 *
1350 * Returns void
1351 *
1352 ******************************************************************************/
smp_collect_local_io_capabilities(uint8_t * iocap,tSMP_CB * p_cb)1353 void smp_collect_local_io_capabilities(uint8_t* iocap, tSMP_CB* p_cb) {
1354 SMP_TRACE_DEBUG("%s", __func__);
1355
1356 iocap[0] = p_cb->local_io_capability;
1357 iocap[1] = p_cb->loc_oob_flag;
1358 iocap[2] = p_cb->loc_auth_req;
1359 }
1360
1361 /*******************************************************************************
1362 * Function smp_collect_peer_io_capabilities
1363 *
1364 * Description This function puts into IOcap array peer device
1365 * IOCapability, OOB data, AuthReq.
1366 *
1367 * Returns void
1368 *
1369 ******************************************************************************/
smp_collect_peer_io_capabilities(uint8_t * iocap,tSMP_CB * p_cb)1370 void smp_collect_peer_io_capabilities(uint8_t* iocap, tSMP_CB* p_cb) {
1371 SMP_TRACE_DEBUG("%s", __func__);
1372
1373 iocap[0] = p_cb->peer_io_caps;
1374 iocap[1] = p_cb->peer_oob_flag;
1375 iocap[2] = p_cb->peer_auth_req;
1376 }
1377
1378 /*******************************************************************************
1379 * Function smp_collect_local_ble_address
1380 *
1381 * Description Put the the local device LE address into the le_addr array:
1382 * le_addr[0-5] = local BD ADDR,
1383 * le_addr[6] = local le address type (PUBLIC/RANDOM).
1384 *
1385 * Returns void
1386 *
1387 ******************************************************************************/
smp_collect_local_ble_address(uint8_t * le_addr,tSMP_CB * p_cb)1388 void smp_collect_local_ble_address(uint8_t* le_addr, tSMP_CB* p_cb) {
1389 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
1390 RawAddress bda;
1391 uint8_t* p = le_addr;
1392
1393 SMP_TRACE_DEBUG("%s", __func__);
1394
1395 BTM_ReadConnectionAddr(p_cb->pairing_bda, bda, &addr_type);
1396 BDADDR_TO_STREAM(p, bda);
1397 UINT8_TO_STREAM(p, addr_type);
1398 }
1399
1400 /*******************************************************************************
1401 * Function smp_collect_peer_ble_address
1402 *
1403 * Description Put the peer device LE addr into the le_addr array:
1404 * le_addr[0-5] = peer BD ADDR,
1405 * le_addr[6] = peer le address type (PUBLIC/RANDOM).
1406 *
1407 * Returns void
1408 *
1409 ******************************************************************************/
smp_collect_peer_ble_address(uint8_t * le_addr,tSMP_CB * p_cb)1410 void smp_collect_peer_ble_address(uint8_t* le_addr, tSMP_CB* p_cb) {
1411 tBLE_ADDR_TYPE addr_type = BLE_ADDR_PUBLIC;
1412 RawAddress bda;
1413 uint8_t* p = le_addr;
1414
1415 SMP_TRACE_DEBUG("%s", __func__);
1416
1417 if (!BTM_ReadRemoteConnectionAddr(p_cb->pairing_bda, bda, &addr_type)) {
1418 SMP_TRACE_ERROR(
1419 "can not collect peer le addr information for unknown device");
1420 return;
1421 }
1422
1423 BDADDR_TO_STREAM(p, bda);
1424 UINT8_TO_STREAM(p, addr_type);
1425 }
1426
1427 /*******************************************************************************
1428 * Function smp_check_commitment
1429 *
1430 * Description This function compares peer commitment values:
1431 * - expected (i.e. calculated locally),
1432 * - received from the peer.
1433 *
1434 * Returns true if the values are the same
1435 * false otherwise
1436 *
1437 ******************************************************************************/
smp_check_commitment(tSMP_CB * p_cb)1438 bool smp_check_commitment(tSMP_CB* p_cb) {
1439
1440 SMP_TRACE_DEBUG("%s", __func__);
1441
1442 Octet16 expected = smp_calculate_peer_commitment(p_cb);
1443 print128(expected, (const uint8_t*)"calculated peer commitment");
1444 print128(p_cb->remote_commitment, (const uint8_t*)"received peer commitment");
1445
1446 if (memcmp(p_cb->remote_commitment.data(), expected.data(), OCTET16_LEN)) {
1447 SMP_TRACE_WARNING("%s: Commitment check fails", __func__);
1448 return false;
1449 }
1450
1451 SMP_TRACE_DEBUG("%s: Commitment check succeeds", __func__);
1452 return true;
1453 }
1454
1455 /*******************************************************************************
1456 *
1457 * Function smp_save_secure_connections_long_term_key
1458 *
1459 * Description The function saves SC LTK as BLE key for future use as local
1460 * and/or peer key.
1461 *
1462 * Returns void
1463 *
1464 ******************************************************************************/
smp_save_secure_connections_long_term_key(tSMP_CB * p_cb)1465 void smp_save_secure_connections_long_term_key(tSMP_CB* p_cb) {
1466 tBTM_LE_KEY_VALUE lle_key;
1467 tBTM_LE_KEY_VALUE ple_key;
1468
1469 SMP_TRACE_DEBUG("%s-Save LTK as local LTK key", __func__);
1470 lle_key.lenc_key.ltk = p_cb->ltk;
1471 lle_key.lenc_key.div = 0;
1472 lle_key.lenc_key.key_size = p_cb->loc_enc_size;
1473 lle_key.lenc_key.sec_level = p_cb->sec_level;
1474 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_LENC, &lle_key, true);
1475
1476 SMP_TRACE_DEBUG("%s-Save LTK as peer LTK key", __func__);
1477 ple_key.penc_key.ediv = 0;
1478 memset(ple_key.penc_key.rand, 0, BT_OCTET8_LEN);
1479 ple_key.penc_key.ltk = p_cb->ltk;
1480 ple_key.penc_key.sec_level = p_cb->sec_level;
1481 ple_key.penc_key.key_size = p_cb->loc_enc_size;
1482 btm_sec_save_le_key(p_cb->pairing_bda, BTM_LE_KEY_PENC, &ple_key, true);
1483 }
1484
1485 /** The function calculates MacKey and LTK and saves them in CB. To calculate
1486 * MacKey and LTK it calls smp_calc_f5(...). MacKey is used in dhkey
1487 * calculation, LTK is used to encrypt the link. */
smp_calculate_f5_mackey_and_long_term_key(tSMP_CB * p_cb)1488 void smp_calculate_f5_mackey_and_long_term_key(tSMP_CB* p_cb) {
1489 uint8_t a[7];
1490 uint8_t b[7];
1491 Octet16 na;
1492 Octet16 nb;
1493
1494 SMP_TRACE_DEBUG("%s", __func__);
1495
1496 if (p_cb->role == HCI_ROLE_CENTRAL) {
1497 smp_collect_local_ble_address(a, p_cb);
1498 smp_collect_peer_ble_address(b, p_cb);
1499 na = p_cb->rand;
1500 nb = p_cb->rrand;
1501 } else {
1502 smp_collect_local_ble_address(b, p_cb);
1503 smp_collect_peer_ble_address(a, p_cb);
1504 na = p_cb->rrand;
1505 nb = p_cb->rand;
1506 }
1507
1508 crypto_toolbox::f5(p_cb->dhkey, na, nb, a, b, &p_cb->mac_key, &p_cb->ltk);
1509
1510 SMP_TRACE_EVENT("%s is completed", __func__);
1511 }
1512
1513 /*******************************************************************************
1514 *
1515 * Function smp_request_oob_data
1516 *
1517 * Description Requests application to provide OOB data.
1518 *
1519 * Returns true - OOB data has to be provided by application
1520 * false - otherwise (unexpected)
1521 *
1522 ******************************************************************************/
smp_request_oob_data(tSMP_CB * p_cb)1523 bool smp_request_oob_data(tSMP_CB* p_cb) {
1524 tSMP_OOB_DATA_TYPE req_oob_type = SMP_OOB_INVALID_TYPE;
1525
1526 SMP_TRACE_DEBUG("%s", __func__);
1527
1528 if (p_cb->peer_oob_flag == SMP_OOB_PRESENT &&
1529 p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1530 /* both local and peer rcvd data OOB */
1531 req_oob_type = SMP_OOB_BOTH;
1532 } else if (p_cb->peer_oob_flag == SMP_OOB_PRESENT) {
1533 /* peer rcvd OOB local data, local didn't receive OOB peer data */
1534 req_oob_type = SMP_OOB_LOCAL;
1535 } else if (p_cb->loc_oob_flag == SMP_OOB_PRESENT) {
1536 req_oob_type = SMP_OOB_PEER;
1537 }
1538
1539 SMP_TRACE_DEBUG("req_oob_type = %d", req_oob_type);
1540
1541 if (req_oob_type == SMP_OOB_INVALID_TYPE) return false;
1542
1543 p_cb->req_oob_type = req_oob_type;
1544 p_cb->cb_evt = SMP_SC_OOB_REQ_EVT;
1545 tSMP_INT_DATA smp_int_data;
1546 smp_int_data.req_oob_type = req_oob_type;
1547 smp_sm_event(p_cb, SMP_TK_REQ_EVT, &smp_int_data);
1548
1549 return true;
1550 }
1551
print128(const Octet16 & x,const uint8_t * key_name)1552 void print128(const Octet16& x, const uint8_t* key_name) {
1553 if (VLOG_IS_ON(2) && DLOG_IS_ON(INFO)) {
1554 uint8_t* p = (uint8_t*)x.data();
1555
1556 DVLOG(2) << key_name << " (MSB ~ LSB) = ";
1557 for (int i = 0; i < 4; i++) {
1558 DVLOG(2) << +p[OCTET16_LEN - i * 4 - 1] << +p[OCTET16_LEN - i * 4 - 2]
1559 << +p[OCTET16_LEN - i * 4 - 3] << +p[OCTET16_LEN - i * 4 - 4];
1560 }
1561 }
1562 }
1563